package cn.jinbyte.starter.web.config;

import cn.jinbyte.web.config.*;
import cn.jinbyte.web.resolver.CryptPropArgResolver;
import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.NestedConfigurationProperty;

/**
 * Web安全配置属性类，映射application.yml中的安全配置
 */
@Data
@ConfigurationProperties(prefix = StarterConst.CONF_PREFIX)
public class WebSecurityProperties {
    /**
     * XSS 防护配置
     */
    @NestedConfigurationProperty
    private XssProperties xss = new XssProperties();

    /**
     * SQL 注入防护配置
     */
    @NestedConfigurationProperty
    private SqlInjectionProperties sqlInjection = new SqlInjectionProperties();

    /**
     * CORS 跨域资源共享配置
     */
    @NestedConfigurationProperty
    private CorsProperties cors = new CorsProperties();

    /**
     * CSRF（跨站请求伪造）防护配置
     */
    @NestedConfigurationProperty
    private CsrfProperties csrf = new CsrfProperties();

    /**
     * 安全响应头配置
     */
    @NestedConfigurationProperty
    private SecurityHeaderProperties headers = new SecurityHeaderProperties();

    /**
     * 默认接口参数配置
     * @see CryptPropArgResolver
     */
    private String argCryptKey = "123456";

}
